Everything You Need to Know about Windows 10 Anti-Malware Device Guard

Malware poses a huge threat to users’ security: it can snoop on their personal information, gain access to their data, delete crucial files, and so on. This is why there are a ton of anti-malware products on the market. However, with Windows 10, Microsoft has come up with its own anti-malware, which it firmly believes will remove the need for any third-party software whatsoever. This anti-malware is named Device Guard and has kept the systems of Windows 10 users safe from most foreign attacks. However, some users were still affected. Microsoft looked into the matter and realized that not many people are well versed in the new anti-malware. Knowing that, it has released a new guide which explains what Device Guard actually is and how it works.

IOMMU

All the critical data of an operating system is fenced off from the rest of the applications to keep it safe. This safe zone is guarded by the IOMMU and some other mechanisms. Combined, these mechanisms ensure that kernel-level drivers, privileged code, and other devices attached to a machine do not gain access to the critical information by any means. The IOMMU locks down hardware so that it can only access system memory that isn’t critical to the survival of the machine. Another big advantage of the IOMMU is that it prevents malicious drivers and devices from sneaking into users’ apps and the operating system. It basically shuts down those routes, so that even skilled individuals won’t be able to sneak in and damage anything.

How the Device Guard Works

If you were wondering how this new anti-malware from Microsoft works, then worry not as the tech giant has itself provided an answer. According to it, “the same type-1 hypervisor technology that is used to run virtual machines in Microsoft Hyper-V is used to isolate core Windows services into a virtualization-based, protected container. This isolation removes the vulnerability of these services from both the user and kernel modes and acts as an impenetrable barrier for most malware used today.”

To simplify, we can say that Microsoft has come up with a mechanism that moves the critical bits of Windows to a safe zone where malware cannot reach them. This means that even if your computer gets infected, you will still be able to avoid any serious damage, because Device Guard will not give the malware access to the critical data of Windows.

Signing of Code

Although Device Guard can be pretty helpful for regular users, Microsoft created it with enterprises and large organizations in mind. Some mechanisms used in this new anti-malware are very similar to those of Windows RT and Windows Phone, with the serial numbers filed off. All the tablets and smartphones running Windows RT are locked down, and they can only run code that is cryptographically signed by Microsoft or by the IT department.

“Historically, UMCI [user mode code integrity] had been available only in Windows RT and on Windows Phone devices, making it difficult for these devices to be infected with viruses and malware. In Windows 10, these same successful UMCI standards are available. Historically, most malware has been unsigned. By simply deploying code integrity policies, organizations will immediately protect themselves against unsigned malware, which is estimated to be responsible for more than 95 percent of current attacks.”

In simple words, this turns your work PC into an iPhone, where users are only able to run vetted software:

“By using code integrity policies, an enterprise can select exactly which binaries are allowed to run in both user mode and kernel mode, from the signer to the hash level. When completely enforced, it makes user mode in Windows function like a mobile phone, by allowing only specific applications or specific signatures to be trusted and run.”

Code integrity policies are completely configurable, and it will be up to each business whether to sign its own software, with or without making any changes to it. Furthermore, businesses will be allowed to run code integrity policies without the rest of Device Guard, but Microsoft claims that the best approach is to run both together.
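The “from the signer to the hash level” policy spectrum and the audit-first rollout described above, as an added PowerShell example that is not part of the original article or of Microsoft’s own documentation; the C:\CI paths and the scan of a clean reference machine’s C:\ drive are assumptions, and the cmdlets are those of the ConfigCI module on Windows 10 Enterprise:

```powershell
# Added example (not from the article or from Microsoft): build, audit, and then
# enforce a Device Guard code integrity policy with the ConfigCI cmdlets that ship
# with Windows 10 Enterprise. Paths under C:\CI are assumptions; run elevated.
$Work    = 'C:\CI'
$Xml     = Join-Path $Work 'Policy.xml'
$Audit   = Join-Path $Work 'Policy-Audit.bin'
$Enforce = Join-Path $Work 'Policy-Enforce.bin'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# 1. Scan a clean reference machine. -Level Publisher trusts the signing
#    certificate chain (the "signer" end of the spectrum); -Fallback Hash pins
#    unsigned binaries by their hash (the "hash" end). -UserPEs covers user-mode
#    executables as well as drivers, which is what makes this UMCI, not only KMCI.
New-CIPolicy -FilePath $Xml -Level Publisher -Fallback Hash -UserPEs -ScanPath 'C:\'

# 2. Keep rule option 3 (Enabled:Audit Mode) for the first deployment so that
#    anything the policy would have blocked is only logged, not stopped.
Set-RuleOption -FilePath $Xml -Option 3
ConvertFrom-CIPolicy -XmlFilePath $Xml -BinaryFilePath $Audit

# 3. Deploy: the binary policy is read from this fixed path at boot.
Copy-Item $Audit 'C:\Windows\System32\CodeIntegrity\SIPolicy.p7b' -Force
# ... reboot, run the normal workload for a while, then review what would have
# been blocked. Event ID 3076 is the audit-mode "would have blocked" record.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076
} -MaxEvents 50 | Select-Object TimeCreated, Message

# 4. Once the audit log shows only expected software, remove option 3 to switch
#    to enforcement (event ID 3077 then records real blocks), rebuild, redeploy.
Set-RuleOption -FilePath $Xml -Option 3 -Delete
ConvertFrom-CIPolicy -XmlFilePath $Xml -BinaryFilePath $Enforce
Copy-Item $Enforce 'C:\Windows\System32\CodeIntegrity\SIPolicy.p7b' -Force
```

Every legitimate application that shows up as a 3076 event during the audit phase needs either a signer rule or a hash rule merged into the policy before enforcement, otherwise it will be blocked on the next boot.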

So far, Device Guard has been doing a great job of keeping people safe from almost all kinds of malware, but the question is whether it will be able to keep doing that over the course of the next few years. Hackers are pretty skilled individuals who won’t go down easily and will look for ways to counter the new anti-malware. Microsoft will need to keep improving its software as well so that it can stay competitive in the market.
